Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:113026 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 33202 invoked from network); 30 Jan 2021 16:23:18 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 30 Jan 2021 16:23:18 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id D56631804AA for ; Sat, 30 Jan 2021 08:05:48 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 30 Jan 2021 08:05:45 -0800 (PST) Received: by mail-pf1-f172.google.com with SMTP id q131so8189304pfq.10 for ; Sat, 30 Jan 2021 08:05:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=qfDNchLyg6WSgS8f+vHyZdPaMWM8t4jq9aR6ezd5VGc=; b=gHRqDh4CJFpbjT1+scQK82o6gEx+toRqNY0bYzRSku8lBVd773SYEbKvpF2S5TZpf+ vT+9c+QpwR4wrQzuclwhcY0qASaBhojFZXE0xQ92cs+RWwyS2I3TlZyRV3aHbZBe8sTW PdRYbe+bhU8F1rHOLu65lXFZuKXT+dmb/9M2KNIfKM42uWZO3os8F5s7FbjLJm6uz55p tHOpCK5V6B4BaTMxOyyksJTK5iM/sGUGdOUJaZ6asMmooIx7YKpjKQMb05WSpd4nLzAl Jf1BlIDBd6I9HUUtCoiiilQM8aNZOpSb7V1W6lgCyqlKbiEg9Br5euvL+whLrePs8/oI zUpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=qfDNchLyg6WSgS8f+vHyZdPaMWM8t4jq9aR6ezd5VGc=; b=sMFJMsD2a8/XdzYYlEvLyhGy4HZEYClRhQrei7XH4PQOcVqL8r7ZT1tVeRJNUfdjgG HghJRDcblugYYvM7ryd2wnFqJqv6rVyIVNsuK/Th3NujR17ZnUZFaOemqe9R4Z+z/aRi fE40CQ2BtDiDor5P+rAr72FnQLS2jvKKNAjx+49nxV8sMpta2foI2D7YnkekcBh8fMFt PeZcdwRqT59lhgp0yYa5s3nkkxVHi5Af7wWoRlOr74P3gm6eQgzvCVuQ8Ittvu0O0V99 3VhlSgdeAqmlAwMj0kG6oOSpQOf7UqPosyA7RL/D0XlbLHKWbOvtX4ilZNYZUghjWzFF 0z3w== X-Gm-Message-State: AOAM531p6YM3OV9OJEP7uU/h3zQuonWEH0d3+LSOb2nrL1CG1+0f+9aZ YzdEjSgLrvZvajvPHYhynx9KGZH+DuMOclkoumL2oJxTN1FnLg== X-Google-Smtp-Source: ABdhPJz4l3+d7oI19CAxP+K2sZ5n8Hi9si/A2W9gnbrEP/I4ZdX9nxTeeGJIzyOTy42zcBhgiymoRc7tQaTpq1hJHuc= X-Received: by 2002:a63:c43:: with SMTP id 3mr9125044pgm.250.1612022741532; Sat, 30 Jan 2021 08:05:41 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Sat, 30 Jan 2021 17:05:30 +0100 Message-ID: To: PHP internals Content-Type: multipart/alternative; boundary="000000000000e104df05ba204a35" Subject: Re: [PHP-DEV] password_verify() and unknown algos From: divinity76@gmail.com (Hans Henrik Bergan) --000000000000e104df05ba204a35 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable PASSWORD_THROW_ON_ERROR password_verify ( string $password , string $hash, int $flags =3D 0 ) : boo= l On Fri, 29 Jan 2021 at 16:01, Benjamin Morel wrote: > Hi all, thanks for the constructive feedback. > > On Fri, 29 Jan 2021 at 15:52, Marco Pivetta wrote: > > > > > Gonna be the usual person saying: let's not clutter functions with more > > behavior than what's needed :-) > > > > If you need to validate a hash for being "well formed" rather than > > "matching", then write a separate function dedicated to that, rather th= an > > increasing the complexity of a pre-existing symbol. > > > > Marco Pivetta > > > I would definitely vote for that, too. It feels to me like throwing an > exception on invalid algo / malformed hash should be the default behaviou= r, > and that the use case brought up by Anthony, although very relevant, shou= ld > be the one that should test for validity using another function (or pass = an > extra parameter). > > That being said, it's indeed a BC break. Would it be small enough to be > allowed to hit 8.1? I don't know. > > =E2=80=94 Benjamin > --000000000000e104df05ba204a35--